Just having a policy regarding employee use of e-mail, voice mail, and the Internet isn't enough to keepcompanies from running into employee privacy and other problems. Too often, companies get complacentabout updating their policies to take into account new kinds of surveillance and about making sure newemployees are properly informed.
Failure to adopt -- and maintain -- an effective Internet policy can cost companies in several ways: lostemployee work time; misuse of company resources such as telephones and computer space; exposure ofsensitive data stored in company computers to outside attack; and the creation of conditions that can allowone employee to accuse another -- and the company -- of harassment. Employees often assume they haveprivacy rights that don't exist in the workplace.
So far, most e-mail court rulings have been pro employer, but a company should still protect itself with awell-articulated policy about what employees can and can't do with company technology, says JaneAndrews, an attorney with Wilson, Elser, Moskowitz, Edelman & Dicker in Newark, N.J.
Many companies had employees sign acknowledgment forms about their use of e-mail and the Internet whenthe policy was first created. The problem, Andrews says, often comes later. "When companies firstimplement a policy, it's great, but they often don't follow up with future employees and when changes takeplace."
She recommends that a company put its policy directly into the computer system so that any changes can beimmediately entered into the system. That way, "you eliminate having old handbooks in circulation," shesays, which means avoiding the pitfall of out-of-date hard copies. On the company's intranet system, thecompany can make changes immediately and have employees acknowledge that they have read thosechanges.
According to Michael Overly, author of E-Policy, a guide to how employers can deal with the Internet, anestimated 7 trillion messages will travel through cyberspace this year.
That makes Internet use a big problem for employers, and the trend is to limit the number of employees whohave access to it, Andrews says. On the other hand, "employers are becoming more tolerant of doingpersonal business so that employees get things done. On balance, is it worth being really strict?"
In an effort to maintain some kind of balance, some companies are allowing for "minor incidentalpersonal" use of the Internet, as long as it doesn't interfere with work or violate any other companypolicies.
Whatever attitude the company takes about Internet use, it should always have its policy in writing,Andrews says. The written policy should identify the proper use of all company communications and statewhen the company monitors employee usage. It should state that no Internet activity is allowed that violatesstate, federal, or international law and that no company-licensed software may be copied.
Privacy & American Business, which is part of the Center for Social and Legal Research, urges adopting a written employee privacy codethat states that the employer will use monitoring as a positive aid to employee training; to protect the security of employees, customers, andthe general public; and as a way to evaluate employee performance.
Amount of Surveillance Varies by Industry
Most oversights of employees are focused on selected job categories and are most often performed as spotchecks rather than as ongoing surveillance, according to a 1998 American Management Association(AMA) survey.
The financial services sector, including the banking, brokerage, insurance, and real estate industries, leadin electronic monitoring (68%), followed by business and professional service providers (51%) andwholesalers and retailers (47%). As defined by the AMA, electronic monitoring includes storage andreview of e-mail (27%), recording and review of telephone conversations (11%), storage and review ofvoice mail messages (6%), storage and review of computer files (21%), and video recording of employeejob performance (16%).
Additional surveillance practices include tracking telephone numbers called and time spent on calls (39%), computer time and keystrokesentered (15%), and video surveillance to counter theft, violence, or sabotage (33%).